Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Alert to Report

Susha
Engager
‎07-06-2021 04:43 AM

Hi ,

I have some alerts which i want to change as report . the reason is , if there are no events then alert is not sending any data/email where in case of report we can receive atleast one blank csv attacehed report/email  if there is no data .. so as per business requirement we want to change allalert to report .. how can we do that ?

 

0 Karma
Reply

Susha
Engager
‎07-06-2021 08:43 AM

thanks @Joannna  for quick revert ..

please consider condition here as a alert which will trigger the events everyday at 9 and it will send that data in CSV .. here problem is i am getting nothing if no data .. if i will convert this in report then it will sent report/email will blank data no matter if data is there or not..

0 Karma
Reply

Joannna
Explorer
‎07-13-2021 01:57 AM

can you put the search here? the issue should be there

Tags (1)
0 Karma
Reply

Joannna
Explorer
‎07-06-2021 06:56 AM

Hello ,

 

So basically , an alert is based on a scheduled saved search that whenever certain conditions are overcome, generates one or more actions to be executed.

A report is scheduled by you at an specific time, example everyday at 9 am , or 2 times a day one at 7 other at 4. So this would be your first issue changing to a report.

It should be fairy easy just copy the search and put it on a report , or save as report, if you need futher assistance on that you can add the code here.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...